Published on the 13/05/2022 | Written by Heather Wright
Zero trust, agile benefits and terror attacks…
When footage from the Christchurch terror event started spreading online in March 2019, Josh Bahlman and his team were on the case, tracking down the content and sharing the information with other ISPs to stop its spread.
It’s not the everyday work of a CISO, but for Bahlman, Spark general manager/tribe leader Telco Cloud and Cyber Defence and CISO of Spark Group (which includes Spark NZ, CCL, Leaven, Qrious, Mattr, Digital Island and Entelar), it’s just part and parcel of his varied – and busy – life.
“Security is not just the responsibility of IT departments – it must be at the forefront of business decisions and overall DX.”
Bahlman heads up New Zealand’s largest cyber defence team, with more than 180 IT, network and cybersecurity experts at Spark, protecting the vast Spark network infrastructure and the businesses and individual Kiwis using Spark’s services.
His role in helping shut down the spread of the terrorist videos – taking unprecedented steps while government policy and processes were still being developed – was one example of the ‘quick, decisive action’ which recently saw Bahlman named New Zealand’s Best Security Leader at the 2021 iSANZ Information Security Awards.
“Every day our teams identify strategies for businesses to implement into their security operations, protect sensitive data, detect any imminent threats and respond accordingly by implementing best practice procedures,” he notes.
Cyber defence is, he says, ‘a journey of maturity’. It’s also one he’s adamant is not just the responsibility of the IT department.
“It must be at the forefront of business decisions and overall digital transformation, to both create a framework for growth and to give organisational leaders the insight necessary to reassure customers,” he says.
In his role, Bahlman, whose team includes globally certified Incident Response Teams and is actively involved in many security incident response team trust groups sharing information on risk, has a front row seat to how other organisations are handling cybersecurity.
It’s not always a pretty picture.
“We’re seeing an increase in monetised eCrime such as ransom DDoS campaigns, geo-political attacks and large scale compromises from high profile vulnerabilities. These are causing major political impacts to New Zealand organisations, as we’ve seen in the media last year.”
Bahlman has been a key consultant on a number of highly publicised security events, including the Waikato District Health Board DDoS attacks, the NZX DDoS attacks and the ANZ Bank security event.
Bahlman – not speaking to those specific incidents – says the most important factor when dealing with a breach is having a well-documented and tested incident response process.
“What we’ve found is that a lot of organisations don’t actually have these measures in place,” he says. “Many organisations lack mature incident response plans, which leads to a lot of uncertainty at a crucial plan.”
He says a large number of businesses ‘seem underprepared when it comes to their digital security’. But despite that, and the growing concerns about security threats, Bahlman says there are some simple steps most businesses can take to resolve any security gaps in their infrastructure.
“For any business, no matter the size, security of digital infrastructure is absolutely vital. It’s much easier to identify any issues and take actions to resolve these than be faced with a catastrophe such as a breach of customer privacy or loss of essential data and infrastructure in the event of a ransomware attack.
“Additionally, recovering from brand and reputation damage after a major security incident can be even harder. That’s why it’s so important for businesses to be prepared and be constantly working on improving their security posture.”
Bahlman offers up these simple actions for all businesses to improve security:
- Understand what assets are important to you and your business
- Back up your important information daily
- Patch all your operating systems often
- Patch all your applications often
- Restrict all administrative privileges across your desktop, servers and applications
- Implement application whitelisting on servers and desktops
- Implement multi-factor authentication
Agile and zero trust
“The ever-changing nature of technology has brought with it different threats and a different range of adversaries for security professionals to combat.
“That means the traditional perimeter network security trust models many organisations use today are becoming less relevant for modern security outcomes.”
Zero trust is ‘one of the top approaches’ to address those challenges, Bahlman notes. The holistic, strategic approach to security ensures everyone and every device granted access is who and what they say they are.
Bahlman says it can provide an adaptive way to help secure New Zealand organisations, and it’s part of the Spark Total Protection technologies focused on protection for workplaces and cloud infrastructure.
The company has also invested in security automation, orchestration and machine learning to stay ahead of the ever-evolving threats, though Bahlman is understandably reticent to divulge too many details.
He’s also an advocate for agile in cyber security, saying it can lead to a more efficient environment through process consistency, enhanced project visibility and team collaboration across a business.
“By incorporating security specialists at the beginning, agile teams can be alerted of potential security threats along the way.
“Rather than an add-on that requires triage and a multitude of hours from security later down the road, cyber security can mitigate potential risks before they even occur when working alongside an agile environment.”
Cybersecurity in an agile development environment means having a comprehensive approach to identify any gaps or concerns, he says.
“This means investing in automation where possible for testing and scanning, along with simulated attacks to ensure security at every step of development. This can be accomplished through tactics such as simulated attacks, penetration testing and applications scanning.”
Bahlman’s desire to help others understand IT security has seen him add yet another role, providing pro bono security advice around the world as the founder of Security for Charity, working on aid projects and helping groups, including human rights groups and political groups opposing oppressive political regimes, in intelligence and security related matters.
“Hackers are always one step ahead of the game, so it’s important that organisations have experienced IT professionals who are always upskilling to stay up-to-date with emerging trends and security vulnerabilities with a focus on getting the basics right,” he says.